/*
 * Malware Development for Ethical Hackers
 * hack.c - Anti-VM tricks
 * check hardware
 * author: @cocomelonc
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

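/*
 * checkVM - query the standard storage device descriptor of PhysicalDrive0.
 *
 * Opens \\.\PhysicalDrive0 and issues IOCTL_STORAGE_QUERY_PROPERTY twice:
 * once with a header-sized output buffer to learn the descriptor size, and
 * once with a buffer of that size to fetch the descriptor.
 *
 * Returns FALSE when the drive cannot be opened, when either query fails,
 * when the reported size is smaller than the header, or when allocation
 * fails. Returns TRUE otherwise.
 *
 * NOTE(review): despite its name, this listing never examines the descriptor
 * it retrieves, so TRUE means only "both queries succeeded", not "a virtual
 * machine was identified". Callers must not read it as a detection verdict.
 *
 * Analysis note: the observable footprint of this routine is a user-mode
 * open of \\.\PhysicalDrive0 followed by IOCTL_STORAGE_QUERY_PROPERTY; that
 * pair is what a sandbox or endpoint sensor would see.
 * NOTE(review): opening a raw disk with GENERIC_READ typically needs an
 * elevated token, so the open may fail for a standard user - confirm.
 */
BOOL checkVM() {
  BOOL ok = FALSE;
  BYTE *buffer = NULL;
  DWORD bytesReturned = 0;

  // Zero-initialise so no uninitialised stack bytes (e.g. the trailing
  // AdditionalParameters member) are handed to the driver.
  STORAGE_DESCRIPTOR_HEADER header = {0};
  STORAGE_PROPERTY_QUERY query = {0};
  query.PropertyId = StorageDeviceProperty;
  query.QueryType = PropertyStandardQuery;

  HANDLE hDevice = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_READ,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                              OPEN_EXISTING, 0, NULL);
  if (hDevice == INVALID_HANDLE_VALUE) {
    // GetLastError() returns a DWORD; print it as unsigned long, not int.
    printf("Failed to open physical drive. Error code: %lu\n",
           (unsigned long)GetLastError());
    return FALSE;
  }

  // First pass: header only, to learn how large the full descriptor is.
  if (!DeviceIoControl(hDevice, IOCTL_STORAGE_QUERY_PROPERTY, &query,
                       sizeof(query), &header, sizeof(header),
                       &bytesReturned, NULL)) {
    printf("Failed to get storage property header. Error code: %lu\n",
           (unsigned long)GetLastError());
    goto cleanup;
  }

  // The size comes from the driver; reject anything that cannot even hold
  // the header before using it as an allocation and output-buffer length.
  if (header.Size < sizeof(header)) {
    printf("Storage property header reports an invalid size.\n");
    goto cleanup;
  }

  buffer = malloc(header.Size);
  if (buffer == NULL) {
    printf("Memory allocation failed.\n");
    goto cleanup;
  }

  // Second pass: fetch the whole descriptor into the sized buffer.
  if (!DeviceIoControl(hDevice, IOCTL_STORAGE_QUERY_PROPERTY, &query,
                       sizeof(query), buffer, header.Size,
                       &bytesReturned, NULL)) {
    printf("Failed to get storage property data. Error code: %lu\n",
           (unsigned long)GetLastError());
    goto cleanup;
  }

  // The listing leaves the descriptor unexamined (the author's placeholder);
  // no field is read and no comparison is made before reporting success.
  ok = TRUE;

cleanup:
  free(buffer);          // free(NULL) is a no-op on the early-exit paths
  CloseHandle(hDevice);
  return ok;
}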

/*
 * Entry point: calls checkVM() once and shows a single message box whose
 * text depends on the result.
 */
int main() {
  // "Meow!" is the listing's "virtual machine detected" branch (checkVM()
  // returned TRUE); "Squeak!" is shown for FALSE.
  const char *text = checkVM() ? "Meow!" : "Squeak!";

  MessageBox(NULL, text, "=^..^=", MB_OK);
  return 0;
}
